I'm looking to design a doctrine-backed ACL system for my own use, although I'm struggling with some of the initial design considerations.

Right now I'm looking at making it based on classes and unique identifiers, storing them in a table as such:

Table: ACL
    ResourceClass
    ResourceKey
    RoleClass
    RoleKey
    Permission

Obviously this is going to demand that I introspect on classes that are being queried to derive the correct ResourceClass values.

I'm wondering if this approach has been done before or if anyone has some advice with doing it in a better way. Other things like recursive relationships between Roles also confound me as I'm not sure how to recursively query to build an ACL for a Resource.

I'm not a huge fan of Zend ACL, so please no suggestions for it - I am aware of it!

Further clarifications will be made to this question as people weigh in, so please bear with me! This question itself may require a few iterations! ;)

+2  A: 

I use NestedSet for storing the ACL hierarchy and cache to speed things up.

Doctrine ORM for PHP - NestedSet

Here is a post which may be useful too:

Zend_Acl part 3: creating and storing dynamic ACLs | CodeUtopia - The blog of Jani Hartikainen

(take a look at the two previous parts as well).

takeshin
Awesome, I will have to look into all the different behaviours. Just to be clear, you used the NestedSet implementation for your roles/groups? That way you could obtain the full list of roles/groups and then query the table that stores all your permissions with all those keys?
Omega
You don't need Doctrine for this. NestedSet is just an SQL pattern for storing tree-like structures in the database. You may implement it as you like. Storing the ACL as NestedSet gives you the ability to easily find the permissions of children, parents, ascendants etc. This suits very well for big ACL structures. For simple ACL's, an array, Zend_Config (or serializing the ACL, if you really need db) is enough.
takeshin
I'm not interested in using zend_ACL as it's rather unwieldy. I'm hoping to get more details about how you are storing the ACL as a tree, as to me it is not really a tree of data. Whereas the roles are. I do need to store them in a database however. Which is why I'm using doctrine.
Omega
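
The combination discussed in this thread (roles stored as a nested set, permissions in the flat ACL table from the question), sketched as an added example that is not code from any of the posters. It uses Python with in-memory SQLite so the SQL runs as-is; the `role` table, the `'*'` wildcard for ResourceKey, the rule that a role inherits its ancestors' grants, and default deny are all assumptions.

```python
import sqlite3

# Hypothetical schema: `role` is a nested set; `acl` mirrors the question's table.
SCHEMA = """
CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT UNIQUE, lft INTEGER, rgt INTEGER);
CREATE TABLE acl (resource_class TEXT, resource_key TEXT,
                  role_class TEXT, role_key INTEGER, permission TEXT);
"""
# Constructed sample tree: guest > member > editor > admin, and guest > auditor.
ROLES = [(1, "guest", 1, 10), (2, "member", 2, 7), (3, "editor", 3, 6),
         (4, "admin", 4, 5), (5, "auditor", 8, 9)]
# Constructed grants; resource_key '*' (an assumption) means every instance of the class.
GRANTS = [("Article", "*", "Role", 1, "read"),
          ("Article", "42", "Role", 3, "edit"),
          ("Article", "*", "Role", 4, "delete"),
          ("Report", "*", "Role", 5, "read")]

# One query: find the role, join every ancestor (including itself) by lft/rgt
# containment, then look for a matching grant held by any of them.
CHECK = """
SELECT 1
FROM role r
JOIN role anc ON anc.lft <= r.lft AND anc.rgt >= r.rgt
JOIN acl a ON a.role_class = 'Role' AND a.role_key = anc.id
WHERE r.name = ? AND a.resource_class = ?
  AND a.resource_key IN (?, '*') AND a.permission = ?
LIMIT 1
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO role VALUES (?, ?, ?, ?)", ROLES)
    conn.executemany("INSERT INTO acl VALUES (?, ?, ?, ?, ?)", GRANTS)
    return conn

def is_allowed(conn, role, resource_class, resource_key, permission):
    """Default deny: True only if the role or one of its ancestors holds the grant."""
    row = conn.execute(CHECK, (role, resource_class, str(resource_key), permission)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = build_db()
    for args in [("admin", "Article", "42", "edit"), ("editor", "Article", "7", "edit"),
                 ("auditor", "Article", "42", "edit"), ("nobody", "Article", "42", "read")]:
        print(args, "->", is_allowed(db, *args))
```

The ancestor join replaces the recursive role lookup with a single range comparison, and an unknown role or a missing grant returns no row, so the check fails closed.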